A Chinese hacker group is stealing global airline passenger data

Edited By: Bharat Sharma WION Web Team
New Delhi, India Published: Jan 20, 2021, 05.55 PM(IST)



A hacking group from China is suspected of attacking the airline industry over the last few years to obtain passenger data. Reportedly, this was done to track the movement of people of interest to China. ZDNet reported that the hackers have been operating under the name Chimera.

Additionally, the group operates for the Chinese state. The group's activities were first reported in a Black Hat presentation from CyCraft in 2020.

In its initial findings, CyCraft reported that a series of coordinated attacks took place against Taiwan's semiconductor industry.

Last week, NCC Group published a new report claiming that the group's intrusions are broader than previously thought. Its subsidiary Fox-IT reported the same. In this case, the airline industry was also targeted.

"NCC Group and Fox-IT observed this threat actor during various incident response engagements performed between October 2019 until April 2020," ZDNet quotes the companies as saying.


Both companies said that these attacks targeted airline and semiconductor companies across different parts of the world, and not just in Asia.

In many cases, hackers hid inside networks for over three years before they were discovered.

Reportedly, the attack on the semiconductor industry aimed to steal intellectual property, while in the case of the airline industry, the goal was different.


The companies claimed that the hackers were targeting victims to obtain Passenger Name Records, commonly known as PNR.

The report by NCC and Fox-IT mentions how Chimera operates, saying that it begins by collecting login credentials that became part of the public domain after other companies suffered data breaches.

Once the data was accessed and collected, the information was uploaded to OneDrive, Dropbox, or Google Drive, because traffic flowing into these services is barely inspected.
